Eldad Chai wrote:
I don't know SSL and HTTPS, and how Apache handles this, well enough to answer your question precisely.Hi, I am using Apache reverse proxy. I want to perform the following and wondering if it is possible: 1) Extract a field (Subject Name) from a client certificate sent over SSL and compare it to a local list I have 2) Add parts of the certificate to headers or parameters in the HTTP request to the backend server
But I can contribute this :If the result of the HTTPS handshake is such that, for Apache, this HTTP request ends up "authenticated" (iow it has a user-id), then yes, you could get that Apache request user-id and pass it on to a back-end. The exact way in which you might do this depends very much on a whole series of other criteria, which you might want to indicate in a future post :
- which platform(s) ? - Apache version ? - which back-end ? (and version) - how you connect the front-end to the back-end ? - does your front-end Apache have (for instance) mod_perl active ?(there are also a host of ways other than mod_perl to do things like that, such a mod_rewrite, setenvif, mod_headers, mod_proxy, mod_jk, etc..; I'm just mentioning mod_perl because it is my own preferred toolbox for that kind of thing).
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|